Webb's Stores: Comprehensive Cloud Security Report and Recommendations

Verified

Added on 2020/03/02

AI Summary

This report provides a comprehensive analysis of cloud security concerns for Webb's Stores, a regional retailer transitioning its database to the Infrastructure as a Service (IaaS) cloud model. The report identifies and assesses various security risks associated with the cloud migration, including those related to IaaS infrastructure, database security, and communication channels. It highlights potential issues with backup, storage, and retrieval processes, and proposes a disaster recovery strategy tailored for the cloud environment. Furthermore, the report emphasizes the importance of access control mechanisms, detailing the implementation of role-based and attribute-based access control models across different cloud components. The conclusion underscores the necessity of addressing these security challenges to fully leverage the benefits of cloud computing while ensuring data protection and operational stability. The report also provides recommendations for staff training and system adjustments to facilitate a smooth transition and secure cloud operations.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdf
ghjklzxcvbnmqwertyuiopasdfghj
klzxcvbnmqwertyuiopasdfghjklz
xcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbn
mqwertyuiopasdfghjklzxcvbnmq
wertyuiopasdfghjklzxcvbnmqwer
tyuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdf
ghjklzxcvbnmqwertyuiopasdfghj
klzxcvbnmqwertyuiopasdfghjklz
xcvbnmrtyuiopasdfghjklzxcvbnm
Webb’s Stores
Cloud Security
8/25/2017

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Webb’s Stores
Table of Contents
Introduction.................................................................................................................................................3
IaaS Security...............................................................................................................................................3
Benefits of IaaS Security.........................................................................................................................3
Issues & Difficulties................................................................................................................................4
Database Risks............................................................................................................................................4
IaaS Infrastructure Risks.............................................................................................................................4
Communication Risks.................................................................................................................................4
Risks & Issues – Backup, Storage and Retrieval.........................................................................................5
Disaster Recovery Strategy.........................................................................................................................5
Access Control............................................................................................................................................5
Conclusion...................................................................................................................................................6
References...................................................................................................................................................7
2

Webb’s Stores
Executive Summary
Webb’s Stores is an organization that operates from Australia and New Zealand and deals in the
products in the categories as food items and specialty goods. The decision to move the company
database to cloud has brought some risks and threats as well. Infrastructure as a Service (IaaS) is
the cloud security model that has been selected for the store. The IaaS security risks and threats
have been covered in the report along with the risks associated with database, infrastructure and
communication. There is also risk assessment covered in the areas of back-up, storage and
retrieval. The information on access control and disaster recovery has also been included in the
report.
3

Webb’s Stores
Introduction
Webb’s Stores is regional retailer that is based out of Australia. The store has its data centres in
Sydney, Melbourne and many regional data centres located in several different locations. There
are six hundred members of the staff and two hundred warehouse staff members that are engaged
with the store. Due to the problems in the current system and sets of operations, the store has
agreed to move its database and operational activities to the cloud. The report covers the aspects
of security that Webb’s store must consider and implement.
IaaS Security
The store has decided to move MS SQL Server 2012 R2 database to cloud Infrastructure as a
Service (IaaS) model. The following security measures will be required to be adopted in this
case.
 Enhanced network security with the deployment and integration of the database with
automated network monitoring and intrusion detection tools.
 Role based access control system to be implemented to make sure that only the privileges
and authorized users are provided the ability to access the database.
 Two-fold user authentication comprising of one time passwords and biometrics.
 Implementation of anti-denial and anti-malware tools (Ismail, 2017)
 Encryption of the information using Advanced Encryption Standard algorithms (AES)
and implementation of advanced hashing schemes.
 There shall be enhanced backup and disaster recovery mechanisms that shall be applied
in the database.
Benefits of IaaS Security
The above steps that have been illustrated will result in the prevention, detection and control of
the security risks and attacks.
There are numerous security occurrences that may take place in association with IaaS cloud
delivery model. As a result, it has been observed that the customer trust and satisfaction drops
down in such cases because of the repeated frequency of such incidents. With the use and
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Webb’s Stores
implementation of the measures suggested above, it will become possible to avoid the security
attacks (Simou, 2016).
Issues & Difficulties
There may be implementation and compatibility issues that may be observed. For instance, the
network security tools may not be compatible with the IaaS database that will be implemented
for the store (Shahid, 2015).
These security tools and measures will also involve a considerable cost associated with it. It may
lead to the problems with the estimated budget and expenses in association with Webb’s stores.
Database Risks
The decision to move the critical database on the cloud might bring in a number of cloud
database specific security risks and concerns. The attackers may violate the rules of access
control and may hijack the accounts on the database. It will provide them with the ability to
access the data and information sets from the database and misuse the same (Alashoor, 2014).
Information breaches and leakages are some of the risks that have been observed in association
with the cloud databases.
IaaS Infrastructure Risks
There may be business data and operations that will be carried out on the cloud database which
will have little or no infrastructural control by the IT department or the technical people from the
store. Many of the network-based security attacks may take place with cloud infrastructure as the
threat agent (Singh, 2001).
Communication Risks
The information will be shared from one data source to the other on the cloud and other
networks. The sharing and communication of information will be transmitted through various
networks and access points. Not all of these networks and access points will have a standard
security mechanism implemented which will give rise to the security risks and privacy threats.
5

Webb’s Stores
Risks & Issues – Backup, Storage and Retrieval
There are also risks associated with the back-up, storage and retrieval of the data from the cloud.
In case of backing up of the data on the cloud, there will be automated codes and programs that
will be required to automatically run the back-up. However, in case of a faulty code or launch of
a malware in the code, the process of backing up of the data may not be completed.
The data that will be stored on the cloud will also be open to the security attacks by the attackers.
There may also be technical and operational errors and risks that may result in integrity risks.
There will be a number of stored copies of the data on the cloud. The users may update one of
the copies and may leave the other unchanged. This will lead to the problems of inconsistency
and violation of integrity (Fowler, 2010).
The retrieval of the information will require the authenticated user credentials to login to the
database and gain access to the same. The users and employees may accidentally or deliberately
share their credentials with the unauthorized users. Such users may gain access to the database
and may cause damage to the information present within it.
Disaster Recovery Strategy
Disaster recovery strategy that is currently followed in the Webb’s stores will be required to be
modified and updated according to the cloud model that is used.
In case of cloud, there will be increased probability of the security and privacy risks. The disaster
recovery strategy will therefore be required to analyze all the cloud-related concerns and develop
the control measures mapping with each (Tari, Yi, Premarathne, Bertok & Khalil, 2015).
The frequency of the back-up and the number of data repositories will also increase and the
process of the back-ups will be modified as per the improved disaster recovery strategy.
Access Control
Access control is one of the basic steps towards security. There are a number of access control
models that have been developed such as mandatory, role-based, attribute-based and
discretionary access control.
6

Webb’s Stores
In case of Webb’s Stores, access shall be protected by executing and implementing a
combination of mandatory and role based access control.
 IaaS infrastructure: Role-based access control
 Ms SQL Server 2012 R2 cloud instance: Role based access control
 Cloud network infrastructure: Attribute based access control
 Cloud backup and restore infrastructure: Attribute based access control
Role based access control is the mechanism that provides access on the basis of the user role.
Attribute based access control on the other hand provides access on the basis of user’s attributes
such as date of birth or social security number or a combination of other attributes (Khan, 2012).
Conclusion
Webb’s Stores has taken a significant and necessary action by deciding to implement the cloud
computing models in their architecture. With the implementation of cloud databases, the current
issues in terms of difficult data and information management along with replication of the data
will be avoided. However, it will give rise to a new set of issues and concerns which will be
required to be managed. There will be a number of security issues, privacy attacks, operational
and technical risks that will come up. There will also be a number of changes that will be
introduced in the store in terms of the operational changes, technical changes, implementation
requirements and many more (Nadeem, 2016). It will be necessary to handle all of these issues
and changes to gain the best out of cloud computing models and databases implemented in the
store. An initial session of training will be required for the internal members of the staff to make
them comfortable with the new system. It will lead to a clear understanding of the functionalities
and will provide them with the clarity on the correct usage and application (Hashemi & Hesarlo,
2014).
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Webb’s Stores
References
Alashoor, T. (2014). Cloud computing: a review of security issues and solutions. International
Journal Of Cloud Computing, 3(3), 228. http://dx.doi.org/10.1504/ijcc.2014.064760
Fowler, S. (2010). Impact of denial of service solutions on network quality of service. Security
And Communication Networks, 4(10), 1089-1103. http://dx.doi.org/10.1002/sec.219
Hashemi, S., & Hesarlo, P. (2014). Security, Privacy and Trust Challenges in Cloud Computing
and Solutions. International Journal Of Computer Network And Information Security, 6(8),
34-40. http://dx.doi.org/10.5815/ijcnis.2014.08.05
Ismail, N. (2017). The winding road to GDPR compliance - Information Age. Information Age.
Retrieved 25 August 2017, from http://www.information-age.com/winding-road-gdpr-
compliance-123468132/
Khan, A. (2012). Access Control in Cloud Computing Environment. Retrieved 25 August 2017,
from https://pdfs.semanticscholar.org/ef20/bc1239539f9a8502715153c5af67fc9e9034.pdf
Nadeem, M. (2016). Cloud Computing: Security Issues and Challenges. Journal Of Wireless
Communications, 1(1). http://dx.doi.org/10.21174/jowc.v1i1.73
Shahid, M. (2015). Cloud Computing Security Models, Architectures, Issues and Challenges: A
Survey. The Smart Computing Review, 602-616.
http://dx.doi.org/10.6029/smartcr.2015.06.010
Simou, S. (2016). A survey on cloud forensics challenges and solutions. Security And
Communication Networks, 9(18), 6285-6314. http://dx.doi.org/10.1002/sec.1688
Singh, K. (2001). IT Infrastructure Security-Step by Step. Sans.org. Retrieved 25 August 2017,
from https://www.sans.org/reading-room/whitepapers/basics/infrastructure-security-step-
step-430
Tari, Z., Yi, X., Premarathne, U., Bertok, P., & Khalil, I. (2015). Security and Privacy in Cloud
Computing: Vision, Trends, and Challenges. IEEE Cloud Computing, 2(2), 30-38.
http://dx.doi.org/10.1109/mcc.2015.45
8